Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Flowring Technology|Agentflow - Use of Hard-coded Cryptographic Key
Vulnerability Description
Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information, thereby logging into the system as any user. Attacker must first obtain an user ID in order to exploit this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
使用硬编码的密码学密钥
Vulnerability Title
Flowring Agentflow 安全漏洞
Vulnerability Description
Flowring Agentflow是中国华苓(Flowring)公司的一个智能流程自动化(RPA)平台。 Flowring Agentflow存在安全漏洞,该漏洞源于使用硬编码加密密钥,可能导致未经验证的远程攻击者利用固定密钥生成验证信息,从而以任意用户身份登录系统。
CVSS Information
N/A
Vulnerability Type
N/A